E-Mail Security Hole Found in Apple's OSX Leopard

by Tim Stevens, posted Nov 28th 2007 at 9:15AM

Apple's New Leopard Has Old Security Flaw

Mac addicts like to tout their chosen operating system's security superiority over those who have chosen Microsoft's product, but a report of a major security oversight in the latest release, Leopard, might just give Windows users something to snicker about. It seems the latest Apple OS has a critical flaw in its e-mail application -- a flaw that was fixed in older versions of OSX.

The flaw enables a person to attach malicious code to an e-mail attachment that looks like a simple JPEG image. When you double-click on that supposed image, the code runs and can do whatever it likes to your system, including deleting all your files (or just running something in the background to steal all your passwords). It surreptitiously uses the Unix command-line prompt that few OSX users ever see.

Older versions of Apple Mail pop-up a warning when such attachments are run, but this new one does not, leaving less-in-the-know Mac users somewhat in the cold. To see if your Mac is properly warning you about these e-mails, you can have a safe one sent to you by using the Emailcheck service at heise Security.

From heise Security

Related Links:

Filed under: Computers

Tags: Apple, Leopard, Mac, security, Virus

Relevant Posts

iPhone Security Hole Leaves Your Personal Info Vulnerable (2 days ago - 10 Comments)
New Web Attack Hijacks Your Clipboard (12 days ago - 27 Comments)
Apple Acknowledges iPhone Security Hole, Promises Fix Next Month (Yesterday - 0 Comments)
Computer Virus Found on Space Station (3 days ago - 0 Comments)
Hackers Using Facebook Wall to Spread Viruses (22 days ago - 6 Comments)

Subscribe to these comments

Reader Comments (Page 1 of 1)

Neutral

jude @ Nov 28th 2007 7:30PM

Children's Defense Fund’s Leave No Child Behind® mission is to ensure every child a Healthy Start, a Head Start, a Fair Start, a Safe Start, and a Moral Start in life and successful passage to adulthood with the help of caring families and communities.

CDF provides a strong, effective voice for all the children of America who cannot vote, lobby, or speak for themselves.

Particular attention to the needs of poor and minority children and those with disabilities.

CDF encourages preventive investment before children get sick or into trouble, drop out of school, or suffer family breakdown.

CDF began in 1973 and is a private, nonprofit organization supported by foundation and corporate grants and individual donations. CDF has never taken government funds.

Neutral

steve ballmer @ Nov 28th 2007 10:07PM

The entire Apple OS thing has been an abysmal failure from the very beginning!

Neutral

SarahGee007 @ Nov 29th 2007 12:35PM

I LOVE my MAC and I'll never go back!!

Add your comments

New Users

Name

E-mail

Current Users

E-mail:

Password

Remember Me

E-Mail me when someone replies to this comment

Add your comments:

Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.

When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.

To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.

Please note that gratuitous links to your site are viewed as spam and may result in removed comments. And yes, comments are moderated.

Rock Band Weekly: PAX pack with Jonathan Coulton, MC Frontalot and Darkest of the Hillside Thickets You choose Battlefield Bad Company Conquest maps PAX 2008 cosplay, day one	10 Awesome BlackBerry apps Googleholic for August 29, 2008 3 Mobile Web Apps that keep old Pocket PCs relevant
Rumor: Apple and AT&T working on tethering deal My favorite iPod touch apps: Mike R.'s picks Meet Spore's creator at Regent St. Apple Store	Closing Bell: Dow, NASDAQ and S&P down on inflation and oil worries Is infrastructure investment good for the U.S. economy? Broadcom (BRCM): Behind the iPhone display, and more
PAX 08: Halo 3's Assembly officially revealed PAX 08: Witness a Bungie and The Behemoth booth construction Watch Left 4 Dead running on 360 [update]	Empty the 401k: Riddler-winning Ferrambo up for sale VIDEO: Viper ACR and Corvette ZR1 battle on the 'Ring BMW helping disabled vets get back behind the wheel
Shipping screw up causes slight S.T.A.L.K.E.R. Clear Sky US delay Penny Arcade: E For All organizers "don't know what they're doing" Portal 50 percent off this weekend on Steam	Vikings' Bryant McKinnie Suspended 4 Games, Tarvaris Jackson Will Get Off to a Rough Start Oh, Adrian Arrington, Your Rookie Season Has Ended Much Too Soon And You Thought You Knew Mario Manningham